package Cx1ClientGo
import (
	"bytes"
	"encoding/json"
	"fmt"
	"net/http"
	"net/url"
	"strings"
)
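// GetAccessAssignmentByID retrieves the access assignment linking the given
// entity to the given resource. It issues a GET against /access-management/
// and decodes the JSON response body into an AccessAssignment.
//
// Both IDs are query-escaped before being placed in the URL, so a value
// containing '&', '=', '#' or whitespace cannot add or override query
// parameters of this access-management request.
func (c Cx1Client) GetAccessAssignmentByID(entityId, resourceId string) (AccessAssignment, error) {
	c.logger.Debugf("Getting access assignment for entityId %v and resourceId %v", entityId, resourceId)

	var aa AccessAssignment

	// NOTE(review): assumes sendRequest forwards the path as given and does not
	// escape it a second time; confirm against its implementation.
	endpoint := fmt.Sprintf(
		"/access-management/?entity-id=%v&resource-id=%v",
		url.QueryEscape(entityId),
		url.QueryEscape(resourceId),
	)
	response, err := c.sendRequest(http.MethodGet, endpoint, nil, nil)
	if err != nil {
		return aa, err
	}

	err = json.Unmarshal(response, &aa)
	return aa, err
}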
// AddAccessAssignment creates an access assignment by POSTing it to
// /access-management. The entity roles are sent as a list of role names only;
// every other field is copied from access unchanged.
func (c Cx1Client) AddAccessAssignment(access AccessAssignment) error {
	c.logger.Debugf("Creating access assignment for entityId %v and resourceId %v", access.EntityID, access.ResourceID)

	// Always a non-nil slice, so an assignment without roles is encoded as []
	// rather than null.
	roleNames := make([]string, 0, len(access.EntityRoles))
	for _, role := range access.EntityRoles {
		roleNames = append(roleNames, role.Name)
	}

	// Wire format of the POST body: same fields as AccessAssignment, except
	// that entityRoles carries plain role names.
	payload := struct {
		TenantID     string   `json:"tenantID"`
		EntityID     string   `json:"entityID"`
		EntityType   string   `json:"entityType"`
		EntityName   string   `json:"entityName"`
		EntityRoles  []string `json:"entityRoles"`
		ResourceID   string   `json:"resourceID"`
		ResourceType string   `json:"resourceType"`
		ResourceName string   `json:"resourceName"`
		CreatedAt    string   `json:"createdAt"`
	}{
		TenantID:     access.TenantID,
		EntityID:     access.EntityID,
		EntityType:   access.EntityType,
		EntityName:   access.EntityName,
		EntityRoles:  roleNames,
		ResourceID:   access.ResourceID,
		ResourceType: access.ResourceType,
		ResourceName: access.ResourceName,
		CreatedAt:    access.CreatedAt,
	}

	encoded, err := json.Marshal(payload)
	if err != nil {
		return err
	}

	if _, err = c.sendRequest(http.MethodPost, "/access-management", bytes.NewReader(encoded), nil); err != nil {
		return err
	}
	return nil
}
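// GetEntitiesAccessToResourceByID lists the access assignments of the entities
// that have access to the given resource. It issues a GET against
// /access-management/entities-for and decodes the JSON response into a slice
// of AccessAssignment.
//
// resourceId and resourceType are query-escaped so that reserved characters in
// either value cannot inject additional query parameters into the request.
func (c Cx1Client) GetEntitiesAccessToResourceByID(resourceId, resourceType string) ([]AccessAssignment, error) {
	c.logger.Debugf("Getting the entities with access assignment for resourceId %v", resourceId)

	var aas []AccessAssignment

	// NOTE(review): assumes sendRequest forwards the path as given and does not
	// escape it a second time; confirm against its implementation.
	endpoint := fmt.Sprintf(
		"/access-management/entities-for?resource-id=%v&resource-type=%v",
		url.QueryEscape(resourceId),
		url.QueryEscape(resourceType),
	)
	response, err := c.sendRequest(http.MethodGet, endpoint, nil, nil)
	if err != nil {
		return aas, err
	}

	err = json.Unmarshal(response, &aas)
	return aas, err
}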
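// GetResourcesAccessibleToEntityByID lists the access assignments describing
// which resources of the given types the entity can access. It issues a GET
// against /access-management/resources-for and decodes the JSON response into
// a slice of AccessAssignment.
//
// entityId, entityType and each resource type are query-escaped individually.
// The resource types are still joined with a literal comma, so the request is
// unchanged for values without reserved characters, while a value containing
// '&', '=' or '#' can no longer alter the query.
func (c Cx1Client) GetResourcesAccessibleToEntityByID(entityId, entityType string, resourceTypes []string) ([]AccessAssignment, error) {
	var aas []AccessAssignment
	c.logger.Debugf("Getting the resources accessible to entity %v", entityId)

	escapedTypes := make([]string, len(resourceTypes))
	for i, rt := range resourceTypes {
		escapedTypes[i] = url.QueryEscape(rt)
	}

	// NOTE(review): assumes sendRequest forwards the path as given and does not
	// escape it a second time; confirm against its implementation.
	endpoint := fmt.Sprintf(
		"/access-management/resources-for?entity-id=%v&entity-type=%v&resource-types=%v",
		url.QueryEscape(entityId),
		url.QueryEscape(entityType),
		strings.Join(escapedTypes, ","),
	)
	response, err := c.sendRequest(http.MethodGet, endpoint, nil, nil)
	if err != nil {
		return aas, err
	}

	if err = json.Unmarshal(response, &aas); err != nil {
		return aas, err
	}
	return aas, nil
}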
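// CheckAccessToResourceByID asks the access-management service whether the
// current user may perform action on the given resource. It issues a GET
// against /access-management/has-access and returns the accessGranted field of
// the JSON response.
//
// This is an authorization decision, so it fails closed: any request or
// decoding error yields false together with the error. All three inputs are
// query-escaped so that a crafted resourceId, resourceType or action cannot
// append or override query parameters of the check.
func (c Cx1Client) CheckAccessToResourceByID(resourceId, resourceType, action string) (bool, error) {
	c.logger.Debugf("Checking current user access for resource %v and action %v", resourceId, action)

	// NOTE(review): assumes sendRequest forwards the path as given and does not
	// escape it a second time; confirm against its implementation.
	endpoint := fmt.Sprintf(
		"/access-management/has-access?resource-id=%v&resource-type=%v&action=%v",
		url.QueryEscape(resourceId),
		url.QueryEscape(resourceType),
		url.QueryEscape(action),
	)
	response, err := c.sendRequest(http.MethodGet, endpoint, nil, nil)
	if err != nil {
		return false, err
	}

	var accessResponse struct {
		AccessGranted bool `json:"accessGranted"`
	}
	if err = json.Unmarshal(response, &accessResponse); err != nil {
		// Never report access as granted from a response that did not decode cleanly.
		return false, err
	}
	return accessResponse.AccessGranted, nil
}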
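// CheckAccessibleResources asks the access-management service which resources
// of the given types the current user may perform action on. It issues a GET
// against /access-management/get-resources and returns the "all" flag and the
// "resources" list of the JSON response.
//
// The result feeds authorization decisions, so it fails closed: on a request
// or decoding error it returns false and a nil slice together with the error,
// never a partially decoded answer. The action and each resource type are
// query-escaped individually; the types are still joined with a literal comma.
func (c Cx1Client) CheckAccessibleResources(resourceTypes []string, action string) (bool, []AccessibleResource, error) {
	c.logger.Debugf("Checking current user accessible resources for action %v", action)

	escapedTypes := make([]string, len(resourceTypes))
	for i, rt := range resourceTypes {
		escapedTypes[i] = url.QueryEscape(rt)
	}

	// NOTE(review): assumes sendRequest forwards the path as given and does not
	// escape it a second time; confirm against its implementation.
	endpoint := fmt.Sprintf(
		"/access-management/get-resources?resource-types=%v&action=%v",
		strings.Join(escapedTypes, ","),
		url.QueryEscape(action),
	)
	response, err := c.sendRequest(http.MethodGet, endpoint, nil, nil)
	if err != nil {
		return false, nil, err
	}

	var responseStruct struct {
		All       bool                 `json:"all"`
		Resources []AccessibleResource `json:"resources"`
	}
	if err = json.Unmarshal(response, &responseStruct); err != nil {
		// A response that failed to decode must not be read as "all resources".
		return false, nil, err
	}
	return responseStruct.All, responseStruct.Resources, nil
}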
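// DeleteAccessAssignmentByID removes the access assignment between the given
// entity and resource by issuing a DELETE against /access-management.
//
// Both IDs are query-escaped: without that, an ID containing '&' or '=' could
// replace the resource-id or entity-id actually sent, and so change which
// assignment the request deletes.
func (c Cx1Client) DeleteAccessAssignmentByID(entityId, resourceId string) error {
	c.logger.Debugf("Deleting access assignment between entity %v and resource %v", entityId, resourceId)

	// NOTE(review): assumes sendRequest forwards the path as given and does not
	// escape it a second time; confirm against its implementation.
	endpoint := fmt.Sprintf(
		"/access-management?resource-id=%v&entity-id=%v",
		url.QueryEscape(resourceId),
		url.QueryEscape(entityId),
	)
	_, err := c.sendRequest(http.MethodDelete, endpoint, nil, nil)
	return err
}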